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PRELIMINARY AMENDMENT 

Assistant Commissioner for Patents 
Washington, D.C. 20231 

Sir: 

Please amend the subject application, filed concurrently herewith, as indicated 

below: 

IN THE SPECIFICATION ; 

On page 1, after the title and before the first paragraph on page 1, insert the 
following heading at the left-hand margin: - Field of the Invention —; 

Page 1, after line 12, before the paragraph "The increased need..." insert the 
following heading at the left-hand margin: - Description of Related Art —; 

Page 1, after line 22, before the paragraph "The object of the. , insert the 
following heading at the left-hand margin: - Summary of the Invention —; 

Page 1, line 27, after "host" insert —computer—; 

Line 27, delete "by a computing machine". 

Page 2, line 3, before "making" insert —for—; 



Page 2, line 4, after "and" insert —for—; 

Page 2, after line 22, and before "Other advantages and insert the 
following heading at the left-hand margin: — Brief Description of the Drawings —: 

Page 2, after line 25, and before "For simplicity's sake,. insert the 
following heading at the left-hand margin: - Description of the Preferred 
Embodiments -; 

Page 7, after line 14, insert the following new paragraph: 

—While this invention has been described in conjunction with specific 
embodiments thereof, it is evident that many alternatives, modifications and variations 
will be apparent to those skilled in the art. Accordingly, the preferred embodiments 
of the invention as set forth herein, are intended to be illustrative, not limiting. 
Various changes may be made without departing from the true spirit and full scope of 
the invention as set forth herein and defined in the claims.— 
IN THE CLAIMS; 



Please cancel Claims 1-13 in their entirety and without prejudice. 
Please substitute the following claims. 

1 15. An encryption circuit (1) for simultaneously processing various 

2 encryption algorithms, the circuit adapted to be coupled with a host computer system 

3 (HS), characterized in that the circuit comprises: 

4 - an input/output module (2), for handling data exchanges between the host 

5 system (HS) and the circuit (1) via a dedicated bus (PCI), 

6 - an encryption module (3) coupled with the input/output module (2) said 

7 encryption module controlling encryption and decryption operations, as well as 

8 storage of all sensitive information (1) of the circuit; and 
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9 » - isolation means (4) between the input/output module (2) and the encryption 

10 module (3), for making the sensitive information stored in the encryption module (3) 

1 1 inaccessible to the host system (HS) and for ensuring the parallelism of the operations 

12 performed by the input/output module (2) and the encryption module (3). 

1 16. An encryption circuit according to claim 15, characterized in that the 

2 isolation means (4) of the circuit (1) comprises a double-port memory (4). 

1 17. An encryption circuit according to claim 15 wherein this isolation means 

2 (4) comprises a double port memory coupled between the input/output module (2) and 

3 the encryption module (3), the dual-port memory (4) being coupled to a first bus and 

4 adapted to simultaneously handle the exchange of data, commands and statuses 

5 between the input/output and encryption modules (2 and 3), and isolation between the 

6 two modules (2 and 3). 

1 18. An encryption circuit is set forth in claim 15, characterized in that the 

2 encryption module (3) comprises: 

3 - a first encryption sub-module (3i), dedicated to the processing of symmetric 

4 encryption algorithms, and being coupled with the first bus of the dual port memory 

5 (4); 

6 - a second encryption sub-module (32), dedicated to the processing of 

7 asymmetric encryption algorithms (40) and being coupled with the first bus of the 

8 dual-port memory (4) and including a separate internal second bus isolated from the 

9 first bus of the dual-port memory (4); and 
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10 ' - a CMOS memory (11) coupled with the dual -port memory (4) via the first 

1 1 bus of the dual-port memory containing the encryption keys. 

1 19. An encryption circuit as set forth in claim 16, characterized in that the 

2 encryption modules (3) comprises: 

3 - a first encryption sub-module (3i), dedicated to the processing of symmetric 

4 encryption algorithms, and being coupled with the first bus of the dual port memory 

5 (4); 

6 - a second encryption sub-module (32), dedicated to the processing of 

7 asymmetric encryption algorithms (40) and being coupled with the first bus of the 

8 dual-port memory (4) and including a separate internal second bus isolated from the 

9 first bus of the dual -port memory (4); and 

10 - a CMOS memory (11) coupled with the dual -port memory (4) via the first 

1 1 bus of the dual-port memory containing the encryption keys. 

1 20. An encryption circuit as set forth in claim 17, characterized in that the 

2 encryption module (3) comprises: 

3 - a first encryption sub-module (3i), dedicated to the processing of symmetric 

4 encryption algorithms, and being coupled with the first bus of the dual port memory 

5 (4); 

6 - a second encryption sub-module (32), dedicated to the processing of 

7 asymmetric encryption algorithms (40) and being coupled with the first bus of the 

8 dual-port memory (4) and including a separate internal second bus isolated from the 

9 first bus of the dual -port memory (4); and 

10 - a CMOS memory (11) coupled with the dual-port memory (4) via the first 

1 1 bus of the dual -port memory containing the encryption keys. 
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1 • 21 an encryption circuit according to claim 18, characterized in that the first 

2 encryption sub-module (3i) comprises an encryption component (9) coupled with the 

3 dual-port memory (4) via the first bus of the memory (4), comprising various 

4 encryption automata, respectively dedicated to the processing of symmetric 

5 encryption algorithms, and in that the second encryption sub-module (82) comprises at 

6 least two encryption processors (lOi and IO2), respectively dedicated tot he processing 

7 of asymmetric encryption algorithms, coupled with the encryption module (9) via the 

8 internal second bus of the second sub-module (82) and a bus isolator (14) for isolating 

9 the second bus from the first bus of the dual port memory. 

1 22. An encryption circuit according to claim 21, characterized in that the 

2 encryption processors (lOi and IO2) of the encryption module (30 are of the CIP type. 

1 23. An encryption circuit according to claim 21, characterized in that one 

2 (100 of the two encryption processors (lOi and IO2) is of the CIP type, and in that the 

3 other (IO2) of the two encryption processors is of the ACE type. 

1 24. An encryption circuit according to claim 21, characterized in that one of 

2 the two encryption processor (IO2) is of the ACE type comprising a field 

3 programmable gate array (FPGA). 

1 25. An encryption circuit according to claim 24, characterized in that the 

2 encryption component (9) is of the SCE type. 



-5- 



1 



2 



' 26. An encryption circuit according to claina 25, characterized in that the 
encryption component (9) comprises a field programmable array (FPGA). 



1 27. An encryption circuit according to claim 26, characterized in that the 

2 second encryption sub-module (32) comprises a flash memory PROM (12) and an 

3 SRAM memory (13) coupled with the second internal bus of the sub-module (32). 

1 28. An encryption circuit according to claim 21, further comprising a CMOS 

2 memory (11) containing security keys and security mechanisms (15) adapted to 

3 trigger a reset mechanism of the CMOS memory (1 1) in case of an alarm. 

1 29. an encryption circuit according to claim 15 characterized in that the 

2 input/output module (2) comprises: 

3 - a microcontroller (6) having an input/output processor (6]) and a PCI 

4 interface (62) integrating DMA channels responsible for executing the data transfers 

5 between the host system (HS) and the circuit (1); 

6 - a flash memory (7) containing the code of the input/output processor (61) and 

7 ' a PCI interface (62) integrating DMA channels responsible for executing the data 

8 transfers between the host system (HS) and the circuit (1); 

9 - a flash memory (7) containing the code of the input/output processor (61); 

10 and 

11 - an SRAM memory (8) that receives a copy of the contents of the flash 

12 memory (7) upon startup of the input/output processor (61). 
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1 ' 30: An encryption circuit according to claim 15 comprising a serial link (SL) 

2 connected to input basic keys through a secure path independent of the dedicated PCI 

3 bus, said link adapted to be controlled by the encryption module (3). 

1 31. An encryption circuit according to claim 30, characterized in that the 

2 serial link (SL) allows downloading of proprietary algorithms into the first encryption 

3 sub-module (3 1). 

1 32. An encryption circuit as set forth in claim 15 further including a card 

2 supporting the circuit. 

1 33. An encryption circuit as set forth in claim 18 further including a card 

2 supporting the circuit. 

1 34. An encryption circuit as set forth in claim 21 further including a card 

2 supporting the circuit 

IN THE ABSTRACT: 

Delete the present Abstract in its entirety and replace with the one attached 
hereto as Attachment A. 

REMARKS 

This Preliminary Amendment is made to eliminate informalities in the 
specification, claims and abstract resulting from a literal translation of the French text, 
to eliminate the use of multiple dependent claims, and to insert headings to conform 
the application to U.S. practice. 
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ABSTRACT 

An encryption circuit (1) for simultaneously processing various encryption 
algorithms, the circuit being capable of being coupled with a host system (HS) hosted 
by a computing machine. The circuit (1) comprises an input/output module (2), 

5 responsible for the data exchanges between the host system (HS) and the circuit via a 

dedicated bus (PCI), an encryption module (3) coupled with the input/output module 
(2), in charge of the encryption and decryption operations as well as the storage of all 
of the circuit's sensitive information; and isolation means (4) between the 
input/output module (2) and the encryption module (3), making the sensitive 

10 information stored in the encryption module (3) inaccessible to the host system (HS), 

and ensuring the parallelism of the operations performed by the input/output module 
(2) and the encryption module (3). The circuit is supported on a peripheral 
component interconnect (PCI) card. The circuit is specifically adapted to provide 
"hardware" protection of computer servers or stations. 



Attachment A to Preliminary 
Amendment filed November 7, 
2000 in the name of LeQuere 



ARCHITECTURE OF AN ENCRYPTION CIRCUIT IMPLEMENTING VARIOUS 
TYPES OF ENCRYPTION ALGORITHMS SIMULTANEOUSLY WITHOUT A LOSS 

OF PERFORMANCE 



The present invention applies to the field of encryption, and more particularly, relates to 
an architecture of an encryption circuit implementing various types of encryption algorithms 
simultaneously. 

This architecture is embodied by a circuit supported by a PCI (Peripheral Component 
Interconnect) card, and makes it possible to implement various encryption algorithms in parallel, 
without a loss of performance in a machine (server or station). It also plays the role of a vault in 
which the secret elements (keys and certificates) required for any electronic encryption function 
are stored. 

The increased need for performance in cryptography, combined with the need for 
inviolability has led the manufacturers of security systems to favor hardware solutions in the 
form of additional cards. 

Such a card, coupled with a server, constitutes the hardware security element of the 

server. 

There are known implementations of security architectures based on ASIC (Application 
Specific Integrated Circuit) components, which entail high development costs for a solution that 
remains inflexible, both on the manufacturer end and on the user end. 

Furthermore, there is no architecture existing today that is capable of executing a set of 
algorithms simultaneously with a guaranteed throughput for each of them. 

The object of the invention is specifically to eliminate the aforementioned drawbacks and 
to meet the market's new demands for security. 

To this end, the subject of the invention is an architecture of an encryption circuit 
simultaneously processing various encryption algorithms, the circuit being capable of being 
coupled with a host system hosted by a computing machine. 

According to the invention, the circuit comprises: 

- an input/output module responsible for the data exchanges between the host system and 
the circuit via a PCI bus; 
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- an encryption module coupled with the input/output module, in charge of the encryption 
and decryption operations as well as the storage of all of the circuit's sensitive information; and 

- isolation means between the input/output module and the encryption module, making 
the sensitive information stored in the encryption module inaccessible to the host system, and 

5 ensuring the parallelism of the operations performed by the input/output module and the 
encryption module. 

The first advantage of the invention is that it allows fast execution of the principal 
encryption algorithms with two levels of parallelism, a first parallelism of the operations 
performed by the input/output module and the encryption module, and a second parallelism in 
flO the execution of the various encryption algorithms. 

O Another advantage of the invention is to make invisible to the host system all of the 

"ij encryption resources made available to the system, and to provide protected storage for secrets 
[y such as keys and certificates. The sensitive functions of the card (algorithms and keys) are all 
5 located inside the encryption module and are inaccessible from the PCI bus. 
f|5 The invention also has the advantage of enabling hardware and software implementations 

O of various encryption algorithms to coexist without a loss of performance, while guaranteeing the 
o throughputs of each of them. 

^ It has the further advantage of being scalable by a choice of standard microprocessor and 

programmable logic technologies, as opposed to more conventional implementations based on 
20 specific circuits (ASIC). The invention makes it possible, in particular, to implement proprietary 
algorithms simply by modifying the code of the encryption processors or by loading a new 
configuration file for the encryption automata of the encryption module. 

Other advantages and characteristics of the present invention will emerge through the 
reading of the following description, given in reference to the attached figure, which represents a 
25 block diagram of an architecture according to the invention. 

For simplicity's sake, the encryption/decryption module will hereinafter be called the 
"encryption module." 

The links between each module are all two-way links unless indicated. 

The encryption circuit 1 according to the invention hinges on two main modules: 
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- an input/output module 2 responsible for the data exchanges between the encryption 
resources and a host system HS via a PCI bus; and 

- an encryption module 3 in charge of the encryption and decryption operations as well as 
the storage of the secrets. 

5 These two modules 2 and 3, respectively delimited by an enclosing dot-and-dash line, 

dialogue via a dual-port memory DPR 4 that allows the exchange of data and commands/statuses 
between the two modules 2 and 3. 

A serial link SL controlled by the encryption module 3 also makes it possible to input the 
p basic keys through a secure path SP independent of the normal functional path (PCI bus), thus 
no meeting the requirement imposed by the FTPS 140 standard. 

D This link SL is connected to the card 1 via a module EPLD 5, or "Erasable Programmable 

SJi Logic Device," coupled between the input/output module 2 and the encryption module 3, that 
Jif ensures logical consistency between the modules. 
- The input/output module 2 includes the following elements: 

^15 - a microcontroller lOP 6 primarily constituted by a processor 6i and by a PCI interface 

H 62, integrating DMA (Direct Memory Access) channels. These are channels that are specific, or 
O dedicated, to the processor, through which the data exchanged between the memories passes, and 
which are coupled with the processor without using the resources of the processor; 

- a flash memory 7, which is a memory that saves the stored data without a power source 
20 and whose storage capacity is for example 512 kilobytes; and 

- an SRAM memory 8, from the abbreviation for "Static Random Access Memory" which 
is a memory that requires a power source in order to save the data stored in the memory, and 
whose storage capacity is for example 2 Megabytes. 

The data transfers between the encryption module 3 and the host system HS take place 
25 simultaneously with the encryption operations performed by the encryption module 3, thus 

making it possible to optimize the overall performance of the card 1 . 

The flash memory 7 contains the code of the processor of the microcontroller lOP 6, 
At startup, the processor copies the contents of the flash memory 7 into the SRAM 

memory 8; the code being executed in this memory for better performance. 
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The SRAM memory 8 could also be replaced by an SDRAM (Synchronous Dynamic 
RAM) memory, which is a fast dynamic memory. 

The microcontroller lOP 6 is capable of managing this type of memory without a loss of 
performance. 

The choice of the microcontroller depends primarily on the desired performance 
objectives as well as the total power consumption of the card supporting the circuit, which is 
generally limited to 25 W (PCI specification). 

The dual-port memory DPR 4 provides the isolation between the input/output module 2 
and the encryption module 3, thus making the latter inaccessible to the host system HS. 

Its storage capacity in the example described is 64 kilobytes. It temporarily stores the 
data that is to be encrypted or decrypted by the encryption automata of the encryption module 3. 

It is divided into two areas: 

- a control area, for example of 4 kilobytes, in which the microcontroller lOP 6 writes the 
control blocks to be sent to the automata; and 

- a data area, for example of 60 kilobytes, containing the data to be processed by the 
automata. 

The encryption module 3 includes first and second encryption sub-modules 3] and 32, 
respectively delimited by an enclosing broken line. 

The first sub-module 3\ includes an SCE (Symmetric Cipher Engine) component 9, 
dedicated to the processing of symmetric encryption algorithms, coupled with the bus of the 
dual-port memory 4. 

The second sub-module 32 is dedicated to the processing of asymmetric encryption 
algorithms. 

It is coupled with the bus of the dual-port memory 4, and includes a separate internal bus 
isolated from the bus of the dual-port memory 4, 
It also includes: 

- one or two processors CIP lOi, IO2, from the abbreviation for "Cipher Processor"; 

- a processor ACE IO2, from the abbreviation for "Asymmetric Cipher Processor," which 
in a variant of embodiment replaces one of the two cipher processors CIP 10], IO2; 



- a CMOS memory 1 1, for example with a storage capacity of 256 kilobytes, backed up 
by a battery; 

- a flash memory PROM 12, from the abbreviation for "Programmable Read-Only 
Memory," for example with a storage capacity of 512 kilobytes; and 

5 - an SRAM memory 13, for example with a storage capacity of 256 kilobytes. 

As illustrated in the block diagram of the figure, the SCE component 9 and the CMOS 
memory 1 1 are directly coupled with the bus of the dual-port memory DPR 4, while the 
processors CIP lOi and IO2 and the flash 12 and SRAM 13 memories are coupled with a separate 
bus isolated from the bus of the dual-port memory DPR 4 by means of a bus isolator 14, also 
^^0 called a bus "transceiver," represented in the figure by a block with two opposing arrows, 
O The flash memory PROM 12 located in the bus of the processors CIP 10] and IO2 

Z I contains all of the software used by the encryption module 3. 

The SRAM memory 13 plays two roles: 
7 - it enables the fast execution of the code of the processors CIP lOi and IO2; the code is 

ni5 copied into the memory from the flash memory PROM 12 at power up; 
O - it also makes it possible to store the data temporarily during the execution of the 

p algorithms. 

This characteristic of the architecture guarantees the independence of the various 
encryption automata from one another. 
20 The processor CIP 10] and the processor ACE IO2 both access the dual-port memory 

DPR 4 in order to read or write the data to be encrypted, but the processing of the algorithms per 
se takes place entirely within their own memory space (internal cache and SRAM 13) without 
interfering with the SCE component 9. 

The SCE component 9 integrates the various symmetric encryption automata (one 
25 automaton per algorithm) of the DES, RC4 or other type, as well as a random number generator, 
not represented. 

Each automaton works independently from the others and accesses the dual-port memory 
DPR 4 in order to read its control block (written by the microcontroller lOP 6) and the 
corresponding data to be processed. 
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The parallelism of the processing thus performed makes it possible to guarantee an 
optimal throughput for each algorithm even when the automata are used simultaneously. 

The only limitation on the processing is imposed by access to the dual-port memory DPR 
4, which is shared by all of the automata. 
5 The bandwidth of the data bus to this memory must therefore be greater than the sum of 

the throughputs of each algorithm in order not to limit their performance. 

The SCE component 9 is produced using a programmable technology that is also known 
as FPGA, or "Field Programmable Gate Array," which is a programmable circuit or chip having 
O a high logic gate density, which provides all of the flexibility required to implement new 
rlO algorithms, including proprietary algorithms, on demand. 

Q The configuration data for this component is contained in the flash memory PROM 12, 

SJ and is loaded into the SCE component 9 at power up under the control of the processor CIP lOi. 
^} The processor CIP lOi, using given programming software, implements the algorithms 

^ not implemented in the SCE component 9. It also implements asymmetric algorithms of the RSA 
Qs type with or without the help of the specialized automaton-implemented by the processor ACE 
O 102. 

O It performs the initialization of the security parameters (keys) via the serial link SL. 

™- The utilization of a high-performance processor at this level guarantees optimal 

performance in the execution of the algorithms as well as great flexibility for the implementation 
20 of additional algorithms. 

As a result of this processor, it is also possible to download proprietary algorithms via the 

serial link SL. 

According to a first embodiment, two processors CIP lO^ and IO2 are implemented: 
One of them lOj is required for the execution of the of the RSA algorithm; the other IO2 
25 implements the algorithms not yet supported by the SCE component 9. 

According to a second embodiment, there is only one processor CIP lOi assisted by a 
processor ACE IO2 that replaces one of the two processors CIP lOi and IO2 of the first 
embodiment, and which implements, in programmable logic, the intensive calculation linked to 
the protocol of the RSA algorithm. 
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All of the required algorithms are implemented in programmable logic in automata of the 
SCE component 9. 

This component is produced in programmable FPGA technology. 

The CMOS memory 1 1 contains the keys and other secrets of the card 1. It is backed up 
5 by a battery and protected by various known security mechanisms SM 15 which, in case of 
abnormalities, translate them as an intrusion attempt and erase its contents. 

These abnormalities are for example due to: 

- an abnormal increase or decrease in the temperature; 

- an abnormal increase or decrease in the supply voltage; 
^iO - a disencryption of the card; 

- a physical intrusion attempt (on-the card end or the host system end); 
P - etc. 

fy Each of the above events triggers an alarm signal that acts on the reset mechanism of the 

^ CMOS memory 11. 



7 



CLAIMS 



1 1, Architecture of an encryption circuit (1) simultaneously processing various 

2 encryption algorithms, the circuit being capable of being coupled with a host system (HS) hosted 

3 by a computing machine, characterized in that the circuit comprises: 

4 - an input/output module (2), responsible for the data exchanges between the host system 

5 (HS) and the circuit (1) via a dedicated bus (PCI), 

6 - an encryption module (3) coupled with the input/output module (2), in charge of the 

7 encryption and decryption operations as well as the storage of all of the circuit's sensitive 
rS8 information (1); and 

- isolation means (4) between the input/output module (2) and the encryption module (3), 

So making the sensitive information stored in the encryption module (3) inaccessible to the host 

2i 1 system (HS) and ensuring the parallelism of the operations performed by the input/output 

ttf2 module (2) and the encryption module (3). 

Ji; 1 2. Architecture according to claim 1 , characterized in that the isolation means of the 

H 2 circuit (1) comprises a double-port memory (4) coupled between the input/output module (2) and 

n 3 the encryption module (3), including its own bus and simultaneously handling the exchange of 

4 data, commands and statuses between the two modules (2 and 3), and the isolation between the 

5 two modules (2 and 3). 

1 3. Architecture according to either of claims 1 and 2, characterized in that the 

2 encryption module (3) comprises: 

3 - a first encryption sub-module (3i), dedicated to the processing of symmetric encryption 

4 algorithms, coupled with the bus of the dual port memory (4); 

5 - a second encryption sub-module (32), dedicated to the processing of asymmetric 

6 encryption algorithms (40) coupled with the bus of the dual-port memory (4) and including a 

7 separate internal bus isolated from the bus of the dual-port memory (4); and 

8 - a CMOS memory (11) coupled with the dual-port memory (4) via the bus of the dual- 

9 port memory containing the encryption keys. 
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1 4. Architecture according to claim 3, characterized in that the first encryption sub- 

2 module (3]) comprises an encryption component (9) coupled with the dual-port memory (4) via 

3 the bus of the memory (4), comprising various encryption automata, respectively dedicated to the 

4 processing of symmetric encryption algorithms, and in that the second encryption sub-module 

5 (32) comprises at least two encryption processors (lOi and IO2), respectively dedicated to the 

6 processing of asymmetric encryption algorithms, coupled with the encryption module (9) via the 

7 internal bus of the second sub-module (32), which is isolated from the bus of the dual port 

8 memory by a bus isolator (14). 

1 5. Architecture according to claim 4, characterized in that both processors (lOi) and 

2 1 02) of the encryption module (3) are of the CIP type. 

1 6. Architecture according to claim 4, characterized in that one (lOi) of the 

2 encryption processors (lOi and IO2) is of the CIP type, and in that the other (IO2) is of the ACE 

3 type. 

1 7. Architecture according to claim 4, characterized in that the encryption processor 

2 (IO2) of the ACE type is produced in programmable FPGA technology, 

1 8. Architecture according to any of claims 4 through 7, characterized in that the 

2 encryption module (9) is of the SCE type. 

1 9. Architecture according to claim 8, characterized in that the encryption module (9) 

2 is produced in programmable FPGA technology. 

1 10, Architecture according to any of claims 3 through 9, characterized in that the 

2 second encryption sub-module (32) also comprises a flash memory PROM (12) and an SRAM 

3 memory (13) coupled with the internal bus of the sub-module (32). 
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1 11. Architecture according to any of claims 3 through 10, characterized in that the 

2 CMOS memory (11) is protected by security mechanisms (15) that trigger the reset mechanism 

3 of the CMOS memory ( 1 1) in case of an alarm. 

1 12. Architecture according to any of claims 1 through 11, characterized in that the 

2 input/output module (2) comprises: 

3 - a microcontroller (6) comprising an input/output processor (60 and a PCI interface (62) 

4 integrating DMA channels responsible for executing the data transfers between the host system 
Q 5 (HS) and the circuit ( 1 ); 

S:j 6 - a flash memory (7) containing the code of the input/output processor (61); and 

2 7 - an SRAM memory (8) that receives a copy of the contents of the flash memory (7) at 

^4 8 the startup of the input/output processor (61). 

f 1 13. Architecture according to any of the preceding claims, comprising a serial link 

M 2 (SL) that makes it possible to input basic keys through a secure path independent of the PCI bus, 

Cl 3 characterized in that the link is controlled by the encryption module (3). 

1 14. Architecture according to claim 13, characterized in that the serial link (SL) 

2 allows the downloading of proprietary algorithms into the first encryption sub-module (3]). 
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ABSTRACT 



Architecture of an encryption circuit (1) simultaneously processing various encryption 
algorithms, the circuit being capable of being coupled with a host system (HS) hosted by a 
computing machine. The circuit (1) comprises an input/output module (2), responsible for the 
data exchanges between the host system (HS) and the circuit via a dedicated bus (PCI), an 
encryption module (3) coupled with the input/output module (2), in charge of the encryption and 
decryption operations as well as the storage of all of the circuit's sensitive information; and 
isolation means (4) between the input/output module (2) and the encryption module (3), making 
the sensitive information stored in the encryption module (3) inaccessible to the host system 
(HS), and ensuring the parallelism of the operations performed by the input/output module (2) 
and the encryption module (3), 

The applications specifically include the "hardware" protection of computer servers or 
stations. 
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